The Security Blog

Browse our blogs

We cover it all in The Security Blog. Discover what you’ve been looking for.

Blog August 29 2024

Gobbling Up Forensic Analysis Data Using Velociraptor

Lately I have been working with Velociraptor for its endpoint and digital forensic capabilities and specifically spent time in many cases in the past two years…

Blog August 22 2024

The Hunter’s Workshop: Mastering the Essentials of Threat Hunting

As an incident unfolds, skilled threat hunters with a special talent for uncovering hidden threats stand at the ready. These hunters smoke jump into the chaos…

Blog August 15 2024

Oops I UDL'd it Again

Introduction: Phishing. We all love phishing. This post is about a new phishing technique based on some legacy knowledge I had that can be used to get past email…

Blog August 13 2024

Must I TRA?: PCI Targeted Risk Analysis

Use of Targeted Risk Analysis (TRA) is a PCI best practice until March 31, 2025, at which time it becomes required for several controls across many assessment…

Blog August 06 2024

Execution Guardrails: No One Likes Unintentional Exposure

A red teamer's guide to avoiding common mistakes when creating a sophisticated implant, including hostname keying, network keying, and external keying, with a…

Blog August 01 2024

Government Contractor’s Ultimate Guide to CUI

Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the…

Blog July 29 2024

Specula - Turning Outlook Into a C2 With One Registry Change

There exist a few singular Registry changes that any non-privileged user can make that transform the Outlook email client into a beaconing C2 agent. Given that…

Blog July 25 2024

Lapse of Control: Applauding PCI SSC for FAQ 1572

I want to applaud the PCI Security Standards Council (PCI SSC) for FAQ 1572 published in March of 2024 for simply and effectively answering a question asked by…

Blog July 18 2024

What is Your Compliance Kryptonite?

Understanding PCI DSS requirements and avoiding misinterpretations of security controls can be frustrating for organizations, especially when it comes to…

Blog July 16 2024

Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

This post was written by John Dwyer, Director of Security Research at Binary Defense, and made possible through the contributions of TrustedSec Senior Research…

Blog July 11 2024

dirDevil: Hiding Code and Content Within Folder Structures

Welcome back to another round of "Hiding in Plain Sight," exploring weird places to stash data or payloads. In our last edition, we explored an easy method of…

Blog July 09 2024

HackingDave’s Rule of Five

Implementing the Rule of Five helps you prioritize tasks that align with your long-term goals, cutting through everyday distractions and fostering personal…

